Change SHARED function to use a safe traversal when modifying a variable
When the SHARED function modifies a variable, it removes it from its list of variables and reinserts the new value at the head of the list of variables. Doing this inside a standard list traversal can be dangerous, as the standard list traversal does not account for the list being changed. While the code in question should not cause a use after free violation due to its breaking out of the loop after freeing the variable, it could lead to a maintenance issue if the loop was modified. This also fixes a violation reported by a static analysis tool, which also makes this code easier to maintain in the future. ........ Merged revisions 361657 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 361658 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@361659 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
parent
90226b6fd7
commit
f4fd1b2fb0
|
@ -243,14 +243,15 @@ static int shared_write(struct ast_channel *chan, const char *cmd, char *data, c
|
|||
varshead = varstore->data;
|
||||
|
||||
/* Protected by the channel lock */
|
||||
AST_LIST_TRAVERSE(varshead, var, entries) {
|
||||
AST_LIST_TRAVERSE_SAFE_BEGIN(varshead, var, entries) {
|
||||
/* If there's a previous value, remove it */
|
||||
if (!strcmp(args.var, ast_var_name(var))) {
|
||||
AST_LIST_REMOVE(varshead, var, entries);
|
||||
AST_LIST_REMOVE_CURRENT(entries);
|
||||
ast_var_delete(var);
|
||||
break;
|
||||
}
|
||||
}
|
||||
AST_LIST_TRAVERSE_SAFE_END;
|
||||
|
||||
var = ast_var_assign(args.var, S_OR(value, ""));
|
||||
AST_LIST_INSERT_HEAD(varshead, var, entries);
|
||||
|
|
Loading…
Reference in New Issue